A CloudFormation template is being used to deploy an RDS instance. AWS Secrets Manager is being used for the management of database credentials. How can the CloudFormation template reference the database credentials?

Answer options:

A.{
"MyRDSInstance": {
 "Type": "AWS::RDS::DBInstance",
"Properties": {
"DBName": "MyRDSInstance",
"AllocatedStorage": "20",
"DBInstanceClass": "db.t2.micro",
"Engine": "mysql",
"MasterUsername": "{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}",
"MasterUserPassword": "{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}"
 }
 }
}
B.{
"MyRDSInstance": {
 "Type": "AWS::RDS::DBInstance",
"Properties": {
"DBName": "MyRDSInstance",
"AllocatedStorage": "20",
"DBInstanceClass": "db.t2.micro",
 "Engine": "mysql",
"MasterUsername": "{{resolve:ssm-secure:username:1}}",
"MasterUserPassword": "{{resolve:ssm-secure:password:1}}"
 }
 }
}
C.{
"MyRDSInstance": {
 "Type": "AWS::RDS::DBInstance",
 "Properties": {
"DBName": "MyRDSInstance",
 "AllocatedStorage": "20",
"DBInstanceClass": "db.t2.micro",
"Engine": "mysql",
"MasterUsername": { “Ref” : “username” },
"MasterUserPassword": { “Ref” : “password” }
 }
 }
}
D."Mappings" : {
 "DatabaseCredentials" : {
 "Username" : { "arn:aws:secretsmanager:region:123456789012:secret:username" },
 "Password " : { "arn:aws:secretsmanager:region:123456789012:secret:password" },
 }
},
…
{
"MyRDSInstance": {
 "Type": "AWS::RDS::DBInstance",
"Properties": {
"DBName": "MyRDSInstance",
"AllocatedStorage": "20",
"DBInstanceClass": "db.t2.micro",
"Engine": "mysql",
"MasterUsername": { [ "DatabaseCredentials", { "Ref" : "Username" } ]},
 "MasterUserPassword": { [ "DatabaseCredentials", { "Ref" : "Password" } ]}
 }
 }
}

Answer: A
Option A is CORRECT because the CloudFormation Dynamic References pattern needs to be used.The dynamic reference pattern is `{{resolve:service-name:reference-key}}`.“secretsmanager” dynamic reference pattern is used for accessing specific secret values stored in Secrets Manager.
Option B is incorrect because the ssm-secure dynamic reference pattern is used for accessing secure strings stored in Systems Manager Parameter Store (not Secrets Manager).
Option C is incorrect because Ref is a CloudFormation intrinsic function used to reference a parameter.
Option D is incorrect because this is not the correct use case for mappings. The mappings section of the CloudFormation templates is used to match a key to a value.
Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager